Fortinet has released an urgent security update to address a critical vulnerability in its FortiClient Enterprise Management Server (EMS) that is already being actively exploited in the wild.
The flaw, tracked as CVE-2026-35616, is an improper access control vulnerability that allows unauthenticated attackers to execute code or commands through specially crafted requests, posing a serious risk to affected systems.
Fortinet confirmed that the vulnerability impacts FortiClient EMS versions 7.4.5 and 7.4.6 and has urged customers to immediately apply available hotfixes. A permanent fix is also expected in the upcoming version 7.4.7, while version 7.2 remains unaffected.
The issue was identified by cybersecurity firm Defused, which described it as a pre-authentication API access bypass that enables attackers to completely circumvent authentication and authorization controls. The firm reported observing the flaw being exploited as a zero-day before disclosing it responsibly to Fortinet.
Security monitoring group Shadowserver Foundation has identified more than 2,000 exposed FortiClient EMS instances globally, with a significant concentration in the United States and Germany, increasing the potential attack surface.
The newly disclosed vulnerability follows another critical FortiClient EMS flaw, CVE-2026-21643, reported just days earlier and also under active exploitation, highlighting a growing security concern for users of the platform.
Fortinet has credited researcher Nguyen Duc Anh for identifying the latest issue and is urging organizations to deploy patches immediately or upgrade to the forthcoming version to mitigate the risk of compromise.
The incident underscores the importance of rapid patching and proactive vulnerability management as cyber threats continue to target widely deployed enterprise security tools.